Golom contest - Chandr's results

An NFT marketplace that offers the lowest industry fee, a publicly available order-book along with analytical tools.

General Information

Platform: Code4rena

Start Date: 26/07/2022

Pot Size: $75,000 USDC

Total HM: 29

Participants: 179

Period: 6 days

Judge: LSDan

Total Solo HM: 6

Id: 148

League: ETH

Researcher Performance

Rank: 168/179

Findings: 1

Award: $21.32

🌟 Selected for report: 0

🚀 Solo Findings: 0

Require instead of &&

IMPACT Require statements whose condition uses the && operator can be broken down into multiple require statements to save gas.

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowDelegation.sol#L239 require(attachments[_tokenId] == 0 && !voted[_tokenId], 'attached');

Mitigation: require(attachments[_tokenId] == 0, 'attached'); require(!voted[_tokenId], 'attached');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L538 require(attachments[_tokenId] == 0 && !voted[_tokenId], 'attached');

Mitigation: require(attachments[_tokenId] == 0, 'attached'); require(!voted[_tokenId], 'attached');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L894 require(attachments[_from] == 0 && !voted[_from], 'attached');

Mitigation: require(attachments[_from] == 0, 'attached'); require(!voted[_from], 'attached');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1008 require(attachments[_tokenId] == 0 && !voted[_tokenId], 'attached');

Mitigation: require(attachments[_tokenId] == 0, 'attached'); require(!voted[_tokenId], 'attached');

PREFIX INCREMENTS

IMPACT Prefix increments are cheaper than postfix increments.

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/core/GolomTrader.sol#L415 for (uint256 i = 0; i < proof.length; i++) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L143 for (uint256 index = 0; index < epochs.length; index++) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L157 for (uint256 index = 0; index < epochs.length; index++) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L180 for (uint256 tindex = 0; tindex < tokenids.length; tindex++) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L183 for (uint256 index = 0; index < epochs.length; index++) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L226 for (uint256 index = 0; index < epoch; index++) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L258 for (uint256 index = 0; index < epoch; index++) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L273 for (uint256 index = 0; index < epoch; index++) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowDelegation.sol#L171 for (uint256 index = 0; index < delegated.length; index++) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowDelegation.sol#L189 for (uint256 index = 0; index < delegatednft.length; index++) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowDelegation.sol#L199 for (uint256 i; i < _array.length; i++) {

Mitigation: Replace foo++ with ++foo.

DEFAULT VALUE INITIALIZATION

IMPACT If a variable is not set/initialized, it is assumed to have the default value (0, false, 0x0 etc depending on the data type). Explicitly initializing it with its default value is an anti-pattern and wastes gas.

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/core/GolomTrader.sol#L415 for (uint256 i = 0; i < proof.length; i++) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L45 uint256 public epoch = 0;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L142 uint256 reward = 0;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L143 for (uint256 index = 0; index < epochs.length; index++) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L156 uint256 reward = 0;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L157 for (uint256 index = 0; index < epochs.length; index++) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L175 uint256 reward = 0;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L176 uint256 rewardEth = 0;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L180 for (uint256 tindex = 0; tindex < tokenids.length; tindex++) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L183 for (uint256 index = 0; index < epochs.length; index++) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L222 uint256 reward = 0;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L223 uint256 rewardEth = 0;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L226 for (uint256 index = 0; index < epoch; index++) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L257 uint256 reward = 0;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L258 for (uint256 index = 0; index < epoch; index++) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L272 uint256 reward = 0;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L273 for (uint256 index = 0; index < epoch; index++) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowDelegation.sol#L50 uint256 public MIN_VOTING_POWER_REQUIRED = 0;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowDelegation.sol#L147 uint256 lower = 0;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowDelegation.sol#L170 uint256 votes = 0;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowDelegation.sol#L171 for (uint256 index = 0; index < delegated.length; index++) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowDelegation.sol#L188 uint256 votes = 0;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowDelegation.sol#L189 for (uint256 index = 0; index < delegatednft.length; index++) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L697 int128 old_dslope = 0;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L698 int128 new_dslope = 0;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L735 uint256 block_slope = 0; // dblock/dt

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L745 for (uint256 i = 0; i < 255; ++i) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L749 int128 d_slope = 0;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1042 uint256 _min = 0;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1044 for (uint256 i = 0; i < 128; ++i) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1113 uint256 _min = 0;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1115 for (uint256 i = 0; i < 128; ++i) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1133 uint256 d_block = 0;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1134 uint256 d_t = 0;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1167 for (uint256 i = 0; i < 255; ++i) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1169 int128 d_slope = 0;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1184 last_point.bias = 0;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1211 uint256 dt = 0;

Mitigation: Remove explicit value initialization.

CUSTOM ERRORS

IMPACT: Custom errors from Solidity 0.8.4 are cheaper than require/revert strings (cheaper deployment cost and runtime cost when the revert condition is met) while providing the same amount of information, as explained here

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/core/GolomTrader.sol#L177 require(signaturesigner == o.signer, 'invalid signature');

Instance: https://github.com/code-423n4/2022-07-golom/blob/main/contracts/core/GolomTrader.sol#L211-L214 require( o.totalAmt >= o.exchange.paymentAmt + o.prePayment.paymentAmt + o.refererrAmt + (o.totalAmt * 50) / 10000, 'amt not matching' );

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/core/GolomTrader.sol#L217 require(msg.value >= o.totalAmt * amount + p.paymentAmt, 'mgmtm');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/core/GolomTrader.sol#L220 require(msg.sender == o.reservedAddress);

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/core/GolomTrader.sol#L222 require(o.orderType == 0, 'invalid orderType');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/core/GolomTrader.sol#L226 require(status == 3, 'order not valid');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/core/GolomTrader.sol#L227 require(amountRemaining >= amount, 'order already filled');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/core/GolomTrader.sol#L235 require(amount == 1, 'only 1 erc721 at 1 time');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/core/GolomTrader.sol#L299 require(amount == 1, 'only 1 erc721 at 1 time');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/core/GolomTrader.sol#L359 require(amount == 1, 'only 1 erc721 at 1 time');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/core/GolomTrader.sol#L426 revert('invalid proof');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/core/GolomTrader.sol#L455 require(distributorEnableDate <= block.timestamp, 'not allowed');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L173 require(address(ve) != address(0), ' VE not added yet');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L181 require(tokenowner == ve.ownerOf(tokenids[tindex]), 'Can only claim for a single Address together');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L184 require(epochs[index] < epoch, 'cant claim for future epochs');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L185 require(claimed[tokenids[tindex]][epochs[index]] == 0, 'cant claim if already claimed');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L220 require(address(ve) != address(0), ' VE not added yet');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L292 require(traderEnableDate <= block.timestamp, 'RewardDistributor: time not over yet');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L309 require(voteEscrowEnableDate <= block.timestamp, 'RewardDistributor: time not over yet');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowDelegation.sol#L72 require(ownerOf(tokenId) == msg.sender, 'VEDelegation: Not allowed');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowDelegation.sol#L73 require(this.balanceOfNFT(tokenId) >= MIN_VOTING_POWER_REQUIRED, 'VEDelegation: Need more voting power');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowDelegation.sol#L99 require(_delegatedTokenIds.length < 500, 'VVDelegation: Cannot stake more');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowDelegation.sol#L130 require(blockNumber < block.number, 'VEDelegation: not yet determined');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowDelegation.sol#L186 require(blockNumber < block.number, 'VEDelegation: not yet determined');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowDelegation.sol#L211 require(ownerOf(tokenId) == msg.sender, 'VEDelegation: Not allowed');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowDelegation.sol#L239 require(attachments[_tokenId] == 0 && !voted[_tokenId], 'attached');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L538 require(attachments[_tokenId] == 0 && !voted[_tokenId], 'attached');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L608 revert('ERC721: transfer to non ERC721Receiver implementer');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L894 require(attachments[_from] == 0 && !voted[_from], 'attached');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L928 require(_locked.amount > 0, 'No existing lock found');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L929 require(_locked.end > block.timestamp, 'Cannot add to expired lock. Withdraw');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L945 require(unlock_time > block.timestamp, 'Can only lock until time in the future');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L946 require(unlock_time <= block.timestamp + MAXTIME, 'Voting lock can be 4 years max');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L982 require(_locked.amount > 0, 'No existing lock found');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L983 require(_locked.end > block.timestamp, 'Cannot add to expired lock. Withdraw');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L996 require(_locked.end > block.timestamp, 'Lock expired');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L997 require(_locked.amount > 0, 'Nothing is locked');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L998 require(unlock_time > _locked.end, 'Can only increase lock duration');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L999 require(unlock_time <= block.timestamp + MAXTIME, 'Voting lock can be 4 years max');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1008 require(attachments[_tokenId] == 0 && !voted[_tokenId], 'attached');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1011 require(block.timestamp >= _locked.end, "The lock didn't expire");

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1082 require(idToOwner[_tokenId] != address(0), 'Query for nonexistent token');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1227 require(_isApprovedOrOwner(msg.sender, _tokenId), 'caller is not owner nor approved');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/governance/GolomToken.sol#L24 require(msg.sender == minter, 'GolomToken: only reward distributor can enable');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/governance/GolomToken.sol#L43 require(!isAirdropMinted, 'already minted');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/governance/GolomToken.sol#L51 require(!isGenesisRewardMinted, 'already minted');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/governance/GolomToken.sol#L69 require(minterEnableDate <= block.timestamp, 'GolomToken: wait for timelock');

Mitigation: Replace require and revert statements with custom errors.

COMPARISON OPERATORS

IMPACT In the EVM, there is no opcode for >= or <=. When using greater than or equal, two operations are performed: > and =. Using strict comparison operators hence saves gas.

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/core/GolomTrader.sol#L189 if (filled[hashStruct] >= o.tokenAmt) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/core/GolomTrader.sol#L212 o.totalAmt >= o.exchange.paymentAmt + o.prePayment.paymentAmt + o.refererrAmt + (o.totalAmt * 50) / 10000,

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/core/GolomTrader.sol#L217 require(msg.value >= o.totalAmt * amount + p.paymentAmt, 'mgmtm');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/core/GolomTrader.sol#L227 require(amountRemaining >= amount, 'order already filled');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/core/GolomTrader.sol#L296 require(amountRemaining >= amount);

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/core/GolomTrader.sol#L342 require(o.totalAmt >= o.exchange.paymentAmt + o.prePayment.paymentAmt + o.refererrAmt);

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/core/GolomTrader.sol#L350 require(amountRemaining >= amount);

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/core/GolomTrader.sol#L417 if (computedHash <= proofElement) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/core/GolomTrader.sol#L455 require(distributorEnableDate <= block.timestamp, 'not allowed');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L292 require(traderEnableDate <= block.timestamp, 'RewardDistributor: time not over yet');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L309 require(voteEscrowEnableDate <= block.timestamp, 'RewardDistributor: time not over yet');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowDelegation.sol#L73 require(this.balanceOfNFT(tokenId) >= MIN_VOTING_POWER_REQUIRED, 'VEDelegation: Need more voting power');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowDelegation.sol#L138 if (checkpoints[nftId][nCheckpoints - 1].fromBlock <= blockNumber) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L902 uint256 end = _locked0.end >= _locked1.end ? _locked0.end : _locked1.end;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L946 require(unlock_time <= block.timestamp + MAXTIME, 'Voting lock can be 4 years max');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L999 require(unlock_time <= block.timestamp + MAXTIME, 'Voting lock can be 4 years max');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1011 require(block.timestamp >= _locked.end, "The lock didn't expire");

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1046 if (_min >= _max) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1050 if (point_history[_mid].blk <= _block) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1110 assert(_block <= block.number);

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1117 if (_min >= _max) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1121 if (user_point_history[_tokenId][_mid].blk <= _block) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1149 if (upoint.bias >= 0) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1206 assert(_block <= block.number);

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/governance/GolomToken.sol#L69 require(minterEnableDate <= block.timestamp, 'GolomToken: wait for timelock');

Mitigation: Replace <= with <, and >= with >. Do not forget to increment/decrement the compared variable.

COMPARISON WITH ZERO

IMPACT > 0 is less gas efficient than != 0 if you enable the optimizer at 10k AND you’re in a require statement. Detailed explanation with the opcodes here

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/core/GolomTrader.sol#L152 if (payAmt > 0) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/core/GolomTrader.sol#L250 if (o.refererrAmt > 0 && referrer != address(0)) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/core/GolomTrader.sol#L387 if (o.refererrAmt > 0 && referrer != address(0)) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L124 if (previousEpochFee > 0) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowDelegation.sol#L78 if (nCheckpoints > 0) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowDelegation.sol#L103 if (nCheckpoints > 0 && oldCheckpoint.fromBlock == block.number) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowDelegation.sol#L119 return nCheckpoints > 0 ? checkpoints[tokenId][nCheckpoints - 1].delegatedTokenIds : myArray;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L579 return size > 0;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L704 if (old_locked.end > block.timestamp && old_locked.amount > 0) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L708 if (new_locked.end > block.timestamp && new_locked.amount > 0) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L727 if (_epoch > 0) {

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L927 require(_value > 0); // dev: need non-zero value

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L928 require(_locked.amount > 0, 'No existing lock found');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L944 require(_value > 0); // dev: need non-zero value

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L981 assert(_value > 0); // dev: need non-zero value

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L982 require(_locked.amount > 0, 'No existing lock found');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L997 require(_locked.amount > 0, 'Nothing is locked');

Mitigation: Replace > 0 with != 0.

Increment/decrement operations

IMPACT X = X + Y is cheaper than X += Y, and X = X - Y is cheaper than X -= Y.

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L499 ownerToNFTokenCount[_to] += 1;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L512 ownerToNFTokenCount[_from] -= 1;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L748 t_i += WEEK;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L755 last_point.bias -= last_point.slope * int128(int256(t_i - last_checkpoint));

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L756 last_point.slope += d_slope;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L768 _epoch += 1;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L784 last_point.slope += (u_new.slope - u_old.slope);

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L785 last_point.bias += (u_new.bias - u_old.bias);

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L803 old_dslope += u_old.slope;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L805 old_dslope -= u_new.slope; // It was a new deposit, not extension

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L812 new_dslope -= u_new.slope; // old slope disappeared at this point

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L847 _locked.amount += int128(int256(_value));

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1071 last_point.bias -= last_point.slope * int128(int256(_t) - int256(last_point.ts));

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1145 block_time += (d_t * (_block - point_0.blk)) / d_block;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1148 upoint.bias -= upoint.slope * int128(int256(block_time - upoint.ts));

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1168 t_i += WEEK;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1175 last_point.bias -= last_point.slope * int128(int256(t_i - last_point.ts));

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L1179 last_point.slope += d_slope;

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/TokenUriHelper.sol#L143 digits -= 1;

Mitigation: Replace X += Y with X = X + Y, and X -= Y with X = X - Y.

LONG REQUIRE()/REVERT()

IMPACT REQUIRE()/REVERT() strings longer than 32 bytes cost extra gas.

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L181 require(tokenowner == ve.ownerOf(tokenids[tindex]), 'Can only claim for a single Address together');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L292 require(traderEnableDate <= block.timestamp, 'RewardDistributor: time not over yet');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/rewards/RewardDistributor.sol#L309 require(voteEscrowEnableDate <= block.timestamp, 'RewardDistributor: time not over yet');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowDelegation.sol#L73 require(this.balanceOfNFT(tokenId) >= MIN_VOTING_POWER_REQUIRED, 'VEDelegation: Need more voting power');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L608 revert('ERC721: transfer to non ERC721Receiver implementer');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L929 require(_locked.end > block.timestamp, 'Cannot add to expired lock. Withdraw');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L945 require(unlock_time > block.timestamp, 'Can only lock until time in the future');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/vote-escrow/VoteEscrowCore.sol#L983 require(_locked.end > block.timestamp, 'Cannot add to expired lock. Withdraw');

Instance: https://github.com/code-423n4/2022-07-golom/tree/main/contracts/governance/GolomToken.sol#L24 require(msg.sender == minter, 'GolomToken: only reward distributor can enable');

Mitigation: Replace with more compact strings.
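Several of the patterns listed in this report (&& inside require, postfix loop increments, explicit zero initialization, compound assignment, and require/revert strings over 32 bytes) can be flagged mechanically before a manual pass. The Python scanner below is an added example, not part of the original submission or the Golom code base. The rule names and the sample are constructed here from lines quoted above, and the checks are line-based regex heuristics rather than a Solidity parser.

```python
import re

# Constructed sample: Solidity lines quoted in this report, one per line.
# Line numbers reported are positions in this sample, not in the Golom repository.
SAMPLE = """\
require(attachments[_tokenId] == 0 && !voted[_tokenId], 'attached');
for (uint256 index = 0; index < epochs.length; index++) {
uint256 reward = 0;
for (uint256 i = 0; i < 255; ++i) {
require(block.timestamp >= _locked.end, "The lock didn't expire");
require(unlock_time > block.timestamp, 'Can only lock until time in the future');
last_point.slope += d_slope;
revert('ERC721: transfer to non ERC721Receiver implementer');
"""

GUARD_RE = re.compile(r"\b(?:require|revert)\s*\(")
# Single- or double-quoted literal; the backreference keeps the apostrophe
# in "didn't" from terminating a double-quoted string.
STRING_RE = re.compile(r"""(['"])((?:\\.|(?!\1).)*)\1""")


def revert_strings(code):
    """Return (text, utf8_byte_length) for each literal in a require/revert call."""
    if not GUARD_RE.search(code):
        return []
    return [(m.group(2), len(m.group(2).encode("utf-8")))
            for m in STRING_RE.finditer(code)]


# (rule name, predicate over one comment-stripped source line)
RULES = [
    ("split-require", lambda c: re.search(r"\brequire\s*\(.*&&", c)),
    ("postfix-increment", lambda c: re.search(r"\bfor\s*\(.*;\s*\w+\+\+\s*\)", c)),
    ("default-init",
     lambda c: re.search(r"\bu?int\d*\s+(?:public\s+)?\w+\s*=\s*0\s*;", c)),
    ("compound-assignment", lambda c: re.search(r"(?<![+\-<>=!])[+-]=(?!=)", c)),
    ("long-revert-string", lambda c: any(n > 32 for _, n in revert_strings(c))),
]


def scan_line(line):
    """Return the names of all rules that match one source line."""
    code = line.split("//", 1)[0]  # naive: assumes no '//' inside a string literal
    return [name for name, check in RULES if check(code)]


def scan(source):
    """Map 1-based line number -> list of matching rule names (clean lines omitted)."""
    findings = {}
    for lineno, line in enumerate(source.splitlines(), start=1):
        hits = scan_line(line)
        if hits:
            findings[lineno] = hits
    return findings


if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE).items():
        print(f"sample line {lineno}: {', '.join(hits)}")
```

Because the matching is per line, a require call that spans several lines, such as the GolomTrader.sol#L211-L214 instance, has to be joined into one line before scanning.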
